User Login
Authentication
User Login
Authenticate with email and password to obtain a JWT token for API access
POST
User Login
Overview
The login endpoint authenticates a healthcare professional and returns a JWT token used to access protected endpoints. It is the primary authentication method for the MediSync platform.No authentication is required to call this endpoint. Platform messages are returned in German.
Body Parameters
Registered email address. Validated as an email and normalized server-side.
Account password. Minimum 6 characters.
If
true, issues a 7-day token; otherwise the token is valid for 24 hours.TOTP code (or a one-time backup code) for accounts with 2FA enabled. Omit it on the first call to receive the
202 2FA challenge, then resubmit with the code.Response
true when authentication succeeds.JWT token for authenticating subsequent requests.
The authenticated user’s id.
Medical title (Dr., Prof., …).
User’s first name.
User’s last name.
Whether the account has 2FA enabled.
Example Request
Example Response
Two-Factor Authentication
If the account has 2FA enabled andtwoFactorCode is omitted, the endpoint returns 202 Accepted with a challenge instead of a token. Resubmit the same request including a valid twoFactorCode.
Error Responses
Authentication failures use a
failed label alongside error, while validation and rate-limit errors return only error. The API does not return invented English code values — branch on the HTTP status and the fields shown above.Rate Limiting
Login is limited to 10 attempts per 15 minutes per email address. Exceeding the limit returns429 with rateLimited: true; standard RateLimit-* headers (and Retry-After) are included.
Next Steps
Register
Create a new healthcare-professional account.
User Profile
Retrieve the authenticated user’s profile.